You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Martin Sperl <ma...@ucpmorgen.com> on 2003/05/11 13:39:21 UTC
[users@httpd] mod_rewrite and rewriting REMOTE_USER
Hi!
I have been doing a lot of research regarding SSL User-Authentication
and I am finally coming to a problem that has nothing to do with mod_ssl
but can also be reproduced with plain http...
(Actually i want to suppress some information from the much to verbose
mod_ssl FakeBasicAuth.)
Basically the setup:
RewriteEngine On
RewriteLog /tmp/rewrite.log
RewriteLogLevel 9
<Directory /var/www/cgi-bin>
Options +FollowSymLinks +ExecCGI
AuthName "Please enter the password"
AuthType Basic
AuthUserFile /tmp/htpasswd
Require valid-user
RewriteEngine On
RewriteCond %{REMOTE_USER} ^(.*)$
RewriteRule ^(.*)$ $1 [E=REMOTE_USER:x%1x,L]
</Directory>
and for a request to: /cgi-bin/env.cgi with a user "a" I see the
environment variable:
REMOTE_USER=a
If I mofify the RewriteRule so that it looks like this:
RewriteRule ^(.*)$ $1 [E=REMOTE_USER1:x%1x,L]
I get:
REMOTE_USER=a
REMOTE_USER1=xax
(the REMOTE_USER1 is what I would like to get in REMOTE_USER!)
the rewrite.log gives the following:
192.168.69.254 - - [11/May/2003:13:16:21 +0200]
[<hostname>/sid#8087e48][rid#808be78/initial] (2) init rewrite engine
with requested uri /cgi-bin/env.cgi
192.168.69.254 - - [11/May/2003:13:16:21 +0200]
[<hostname>/sid#8087e48][rid#808be78/initial] (1) pass through
/cgi-bin/env.cgi
192.168.69.254 - a [11/May/2003:13:16:21 +0200]
[<hostname>/sid#8087e48][rid#808be78/initial] (3) [per-dir
/var/www/cgi-bin/] strip per-dir prefix: /var/www/cgi-bin/env.cgi -> env.cgi
192.168.69.254 - a [11/May/2003:13:16:21 +0200]
[<hostname>/sid#8087e48][rid#808be78/initial] (3) [per-dir
/var/www/cgi-bin/] applying pattern '^(.*)$' to uri 'env.cgi'
192.168.69.254 - a [11/May/2003:13:16:21 +0200]
[<hostname>/sid#8087e48][rid#808be78/initial] (4) RewriteCond: input='a'
pattern='^(.*)$' => matched
192.168.69.254 - a [11/May/2003:13:16:21 +0200]
[<hostname>/sid#8087e48][rid#808be78/initial] (2) [per-dir
/var/www/cgi-bin/] rewrite env.cgi -> env.cgi
192.168.69.254 - a [11/May/2003:13:16:21 +0200]
[<hostname>/sid#8087e48][rid#808be78/initial] (5) setting env variable
'REMOTE_USER' to 'xax'
192.168.69.254 - a [11/May/2003:13:16:21 +0200]
[<hostname>/sid#8087e48][rid#808be78/initial] (3) [per-dir
/var/www/cgi-bin/] add per-dir prefix: env.cgi -> /var/www/cgi-bin/env.cgi
192.168.69.254 - a [11/May/2003:13:16:21 +0200]
[<hostname>/sid#8087e48][rid#808be78/initial] (1) [per-dir
/var/www/cgi-bin/] initial URL equal rewritten URL:
/var/www/cgi-bin/env.cgi [IGNORING REWRITE]
As you can see the environment variable gets set but seems to be
overwritten later on again!
Also using FastCGI Authentication and passing back "REMOTE_USER:
<dummy>" together with an OK response does not help!
Is there a way to do this, or does this require a patch to apache?
Cheers,
Martin
P.s: My environment is a fresh installation of RH7.3 (no updates!)
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org